Zeeshan Baig's Blog

Thursday, June 21, 2018

Overview

In AWS you can design your own network using a VPC (Virtual Private Cloud). You can assign your own IP address ranges and split your network into public and private subnets. In simple words, a public subnet is like a Green Zone where traffic from the internet is allowed, while a private subnet is a DMZ where no direct internet access is allowed.

Problem

So what if we need to install, update or upgrade software, utilities or the OS on EC2 instances running in a private subnet? One option is to manually FTP to the box and install it, but sometimes that is not feasible.

For scenarios like these, AWS provides NAT Gateways (previously NAT Instances, which are going to be obsolete soon).

Wednesday, May 23, 2018

Overview

These days Terraform is the industry’s go-to tool for infrastructure automation. Terraform allows you to write infrastructure as code, which you can manage via source control. One of its many benefits is that you can keep track of the changes to your infrastructure (which is a nightmare for any organization).

How does Terraform keep track of the changes in your environment? It creates a terraform.tfstate file on the local filesystem. The state file is simply a small database of the state of your environment. Whenever you run the terraform plan, apply or destroy commands, Terraform reads the current state from the terraform.tfstate file and applies changes to it.

Problem

The problem arises when you are working in a team. Since the terraform.tfstate file is created on your local file system, other developers have no visibility into it. When any other developer executes the same scripts, Terraform will create a new terraform.tfstate file, which will differ from the current state.

A common solution to this issue is to store terraform.tfstate in source control. That might work in a small team where one person is working at a time, or where you have the option of a different account for each developer. One issue with that approach is that the .tfstate file could contain sensitive information (such as RDS passwords) that you don’t want to upload to source control systems like GitHub.

In this post, I will show you how you can solve this problem using remote backends, and how you can set up Terraform to use S3 buckets to keep the state of your environment.
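
A check for the risk described above, written as an added example that is not part of the original post: it walks the JSON of a state file and reports the paths of attributes whose names look like secrets, so it can run before a commit. The key-name pattern and the sample state (constructed, in the version 4 state layout) are assumptions.

```python
import json
import re

# Attribute names that commonly hold secrets in state files (assumed list; extend as needed).
SENSITIVE_KEY = re.compile(r"(password|passwd|secret|token|private_key)", re.IGNORECASE)


def find_secrets(node, path=""):
    """Recursively walk parsed state JSON; return paths of non-empty secret-like strings."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, str) and value and SENSITIVE_KEY.search(key):
                hits.append(child)
            else:
                hits.extend(find_secrets(value, child))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits.extend(find_secrets(value, f"{path}[{index}]"))
    return hits


def scan_state(text):
    """Return sorted paths of plaintext secrets found in a terraform.tfstate document."""
    return sorted(find_secrets(json.loads(text)))


# Constructed sample state; the values are placeholders, not from a real environment.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "serial": 7,
    "outputs": {"db_endpoint": {"value": "db.example.internal:5432", "type": "string"}},
    "resources": [{
        "mode": "managed",
        "type": "aws_db_instance",
        "name": "main",
        "instances": [{"attributes": {
            "identifier": "app-db",
            "username": "admin",
            "password": "constructed-example-value",
            "storage_encrypted": True,
        }}],
    }],
})

if __name__ == "__main__":
    for hit in scan_state(SAMPLE_STATE):
        print("plaintext secret in state:", hit)
```

Because the walker does not depend on a particular nesting, it also flags secret-like keys in other state layouts; it reports paths only and never prints the values.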

Remote Backends

There are many types of remote backends you can use with Terraform, but in this post we will cover the popular solution of using S3 buckets.

Following are some benefits of using remote backends:

Team Development — when working in a team, remote backends can keep the state of infrastructure at a centralized location

Sensitive Information — with remote backends your sensitive information would not be stored on local disk

Remote Operations — an infrastructure build can be a time-consuming task, and some remote backends support remote execution of the tasks. You can then turn off your computer and your operation will still complete. Paired with remote state storage and locking above, this also helps in team environments.

Thursday, May 17, 2018

We are all probably familiar by now with the term GDPR; if not, you probably have 100s of unread emails in your inbox about updated Privacy Policies from every account you signed up for. The term GDPR stands for General Data Protection Regulation. As per Wikipedia:

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

What is covered under GDPR and what is not? IMO one could write a whole book about it, but I will try to explain in simple terms.

What is GDPR?

Personal details such as IDs, birthdays, addresses, account numbers, health records and other sensitive information are everywhere, in the hands of the partners and vendors we work with every day.

Because all this information is out there, we as individuals have to trust these parties to handle that information securely. When they don’t, the resulting data breaches can cause inconvenience, cost time and money, and hurt reputations.

The European Union leads the way with the GDPR regulation to keep information safe and protect the rights of real people, customers and partners around the world.

Following are some key highlights:

Individual Rights

Under the personal privacy section, individuals have the right to:

Data Transparency

Full access to data

Rectification of data

Erase personal data

Opt-out or object from processing at any time

Organizations Responsibilities

Organizations will need to:

Protect all personal data of any kind

Determine the purpose and methods that will be used for processing the data; organizations would be responsible for any errors involving third parties as well

Get individuals’ consent for data processing

Be completely transparent with individuals about how and why their data is being used

Notify individuals and authorities of any data breaches

Your Responsibility

As a working professional, how do you identify whether you are compliant with GDPR or not? You need to ask yourself the following questions:

Do I have permission to use this data?

How can I protect this data?

What to do if data is at risk?

By asking these questions you will fulfill your responsibility and compliance with GDPR.

Friday, May 11, 2018

Overview

Monitoring is a critical part of any cloud infrastructure, and it is important for maintaining the reliability, availability, and performance of your AWS cloud applications. There are 2 main types of monitoring you can do on AWS EC2 instances, as follows

Saturday, April 28, 2018

Overview

Recently one of our customers came up with a requirement to merge assets into one single AWS account. There are other ways to manage multiple AWS accounts, such as AWS Organizations, but in this case the requirement was clear: move EC2 instances from one account to another.

The solution AWS offers for this requirement is quick, straightforward and convenient. To summarize, you need to do the following:

Obtain the ID of the AWS account to which you want to copy/move/migrate the EC2 instance